Risk detection

Bearer enables you to identify data security risks and vulnerabilities throughout your development lifecycle and across your production environment. Thus you can:
  1. Detect and prioritize risks before and after they reach your production environment.
  2. Prioritize issues based on impact to reduce noise and avoid alert fatigue.
  3. Assess risks faster and more accurately with actionable context.
  4. Stop slowing down development by automating security checks.
Risk events are listed on the Home page in an inbox format.

What risks does Bearer detect?

A risk event is triggered when:
  • A repository processes new sensitive data.
  • A repository processes sensitive data and integrates with a new third party.
  • An unsecured database is accessed.
  • Database backups are disabled.
  • Code is missing server-side encryption.
  • Databases are missing logging and/or monitoring.
  • Data stores contain new sensitive data.
  • Publicly available data stores contain sensitive data.
  • Databases storing sensitive data are located outside of the U.S. (for HIPAA) or Europe (for GDPR).
Bearer provides you with contextual information so you can investigate and assess risks efficiently. Once a risk has been detected, you can ignore it, assign it to a teammate (JIRA integration coming), and close it once it has been mitigated.

Can I customize risk events?

Risk events can be customized in the Settings to fit your own processes.
For each risk event you can set up:
  • the risk level
  • notifications (emails, Slack)

Can I set up my own risk detection rules?

We are open to discussing any detection rule that might be valuable to your organization.
Just reach out to [email protected] and let us know what you need to be more secure.